The automotive industry is using networks to connect together devices and microcontrollers inside vehicles. These networks may utilize, for example, CANbus, Ethernet, and the like.
On such networks, some nodes can control physical components, for example, through actuators. Other nodes only need to receive sensor feedback and possibly present this information to end users. Examples of nodes in such a networked automotive environment include the engine control unit, battery control unit, transmission control unit, airbag control unit, in-car entertainment system and the like.
This heterogeneous environment can create serious security risks. A malicious party may potentially compromise one of these components by using one of the external interfaces exposed by the vehicle. Once such a component is compromised, an attacker can use it as a starting point for attacking other components. An attacker can thus compromise critical vehicle components such as the locking system, the braking system and the engine.
By compromising critical vehicle components, an attacker can disable or cause serious damage to the car or its surroundings, or even cause serious injury or death.